Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,879 Commits
40 Branches
214 Tags
92 MiB
master
dependabot/go_modules/github.com/slackhq/nebula-1.9.0
wire-acme-extensions
mariano/init-provisioners
fix-1637
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0efaf514d7'
${ noResults }
Commit Graph

968 Commits (0efaf514d72373fa3b10688f2b3975982fbebf99)

Author SHA1 Message Date
Shulhan fe04f93d7f
all: reformat all go files with the next gofmt (Go 1.19) 
There are some changes that manually edited, for example using '-' as
default list and grouping imports.
 2 years ago
Mariano Cano 9c049eec5a Add revoke ssh unit test 2 years ago
Mariano Cano ce9a23a0f7 Fix SSH certificate revocation 2 years ago
Mariano Cano 911cec21da
Merge pull request #943 from smallstep/ssh-renew-provisioner 
Add provisioner to SSH renewals
 2 years ago
Mariano Cano 94f5b92513 Use proper context in authority package 2 years ago
Mariano Cano 1be74eca62 Merge branch 'master' into ssh-renew-provisioner 2 years ago
Mariano Cano 26dd97e718 Merge branch 'master' into context-authority 2 years ago
Mariano Cano 6b3a8f22f3 Add provisioner to SSH renewals 
This commit allows to report the provisioner to the linkedca when
a SSH certificate is renewed.
 2 years ago
Mariano Cano 3c4d0412ef
Merge pull request #941 from smallstep/ssh-provisioner 
Report SSH provisioner
 2 years ago
Max f8148071fb
Merge pull request #915 from smallstep/max/removing-beta 
exposing authority configuration for provisioner cli commands
 2 years ago
max furman 5443aa073a gofmt -s 2 years ago
Max 586e4fd3b5
Update authority/options.go 
Co-authored-by: Mariano Cano <mariano@smallstep.com>
 2 years ago
Mariano Cano dd985ce154 Clarify errors when sending renewed certificates 2 years ago
Mariano Cano a627f21440 Fix AuthorizeSSHSign tests with extra SignOption 2 years ago
Mariano Cano e7d7eb1a94 Add provisioner as a signOption for SSH 2 years ago
Mariano Cano 293586079a Store provisioner with SignSSH 
This change also allows to store the old certificate on renewal on
linkedca or if the db interface supports it.
 2 years ago
Mariano Cano c8d7ad7ab9 Fix store certificates methods with new interface 2 years ago
Mariano Cano de99c3cac0 Report provisioner and parent on linkedca 2 years ago
Herman Slatman 479eda7339
Improve error message when client renews with expired certificate 
When a client provides an expired certificate and `AllowAfterExpiry`
is not enabled, the client would get a rather generic error with
instructions to view the CA logs. Viewing the CA logs can be done
when running `step-ca`, but they can't be accessed easily in the
hosted solution.

This commit returns a slightly more informational message to the
client in this specific situation.
 2 years ago
max furman bfb406bf70 Fixes for PR review 2 years ago
Mariano Cano 898ca41268 Merge branch 'master' into context-authority 2 years ago
Herman Slatman c695b23e24
Fix check for admin not belonging to policy 2 years ago
max furman 25b8d196d8 Couple changes in response to PR 
- add skipInit option to skip authority initialization
- check admin API status when removing provisioners - no need to check
  admins when not using Admin API
 2 years ago
Mariano Cano 8942422973 Add GetID() and add authority to initial context 2 years ago
Mariano Cano 1e03bbb1af Change types in the ACMEAdminResponder 2 years ago
Mariano Cano f639bfc53b Use contexts on the new PolicyAdminResponder 2 years ago
Mariano Cano d461918eb0 Merge branch 'master' into context-authority 2 years ago
Herman Slatman 0f4ffa504a
Fix linting issues 2 years ago
Herman Slatman 7104299119
Add full policy validation in API 2 years ago
Herman Slatman 105211392c
Don't rely on linkedca model stability in API response bodies 2 years ago
Herman Slatman 5e9bce508d
Unexport GetPolicy() 2 years ago
Herman Slatman 60d8b22d89
Change context retrievers to MustTFromContext 2 years ago
Mariano Cano 43ddcf2efe Do not use deprecated AuthorizeSign 2 years ago
Mariano Cano 9147356d8a Fix linter errors 2 years ago
Mariano Cano a8a4261980 Fix authority/admin/api tests 2 years ago
Herman Slatman 77893ea55c
Change authority policy to use dbPolicy model 2 years ago
max furman 4cb74e7d8b fix linter warnings 2 years ago
Herman Slatman d82e51b748
Update AllowWildcardNames configuration name 2 years ago
Herman Slatman 2b7f6931f3
Change Subject Common Name verification 
Subject Common Names can now also be configured to be allowed or
denied, similar to SANs. When a Subject Common Name is not explicitly
allowed or denied, its type will be determined and its value will be
validated according to the constraints for that type of name (i.e. URI).
 2 years ago
Mariano Cano 00f181dec3 Use contexts in admin api handlers 2 years ago
Mariano Cano 623c296555 Create context methods from admin database 2 years ago
Mariano Cano 48e2fabeb8 Add authority.MustFromContext 2 years ago
Mariano Cano 9628fa3562 Add methods to store and retrieve an authority from the context. 2 years ago
Herman Slatman bddd08d4b0
Remove "proto:" prefix from bad proto JSON messages 2 years ago
Herman Slatman 6e1f8dd7ab
Refactor policy engines into container 2 years ago
Herman Slatman 2a7620641f
Fix more PR comments 2 years ago
Herman Slatman 76112c2da1
Improve error creation and testing for core policy engine 2 years ago
max furman b91affdd34 exposing authority configuration for provisioner cli commands 2 years ago
Herman Slatman 20f5d12b99
Improve test rigour for reloadPolicyEngines 2 years ago
Herman Slatman 6264e8495c
Improve policy error handling code coverage 2 years ago